1

00:00:00,830  -->  00:00:04,290
Isolation and compartmentalization
is one of the most powerful

2

00:00:04,354  -->  00:00:06,690
security controls available to you,

3

00:00:07,024  -->  00:00:11,461
and if used effectively, can mitigate
most security threats.

4

00:00:12,062  -->  00:00:16,967
Isolation and compartmentalization is used
to implement security domains,

5

00:00:17,200  -->  00:00:21,671
creating separate levels
of usability, security

6

00:00:22,039  -->  00:00:27,444
and supporting different identities
or aliases for privacy and anonymity.

7

00:00:28,100  -->  00:00:30,514
If an adversary exploits
a vulnerability,

8

00:00:30,780  -->  00:00:33,517
isolation and compartmentalization

9

00:00:33,817  -->  00:00:37,621
mitigates the impact to the isolated
security domain.

10

00:00:38,455  -->  00:00:41,124
Let me give you a simple
but very effective example

11

00:00:41,425  -->  00:00:43,794
of isolation and compartmentalization

12

00:00:44,420  -->  00:00:47,230
using a virtual machine guest
to browse the web.

13

00:00:47,370  -->  00:00:51,001
If the virtual machine guest
browser is compromised,

14

00:00:51,468  -->  00:00:54,137
because of the isolation
and compartmentalization,

15

00:00:54,540  -->  00:00:57,774
the host system is protected
from compromise.

16

00:00:58,208  -->  00:01:02,212
The impact is reduced or possibly
completely mitigated.

17

00:01:02,910  -->  00:01:07,350
With isolation and compartmentalization
you get to control the attack.

18

00:01:07,818  -->  00:01:11,110
In this section, I'm going to go through
a number of best methods

19

00:01:11,121  -->  00:01:15,959
to implement security domains through
isolation and compartmentalization.

20

00:01:16,593  -->  00:01:19,763
And multiple methods can
be used in combination,

21

00:01:20,080  -->  00:01:25,368
like a virtual machine with a sandbox
with encrypted partitions, etc.

22

00:01:25,969  -->  00:01:29,139
You need to consider what sort of
security domains you might need.

23

00:01:29,272  -->  00:01:32,409
This will be based on your
personal risk, consequences,

24

00:01:32,540  -->  00:01:34,478
and your adversary
and threat model.

25

00:01:34,911  -->  00:01:38,615
You want to isolate and
compartmentalize your assets.

26

00:01:38,615  -->  00:01:41,430
The things you care about
and those applications

27

00:01:41,518  -->  00:01:45,070
that interact with untrusted
sources like the internet.

28

00:01:45,140  -->  00:01:47,691
Your browser and email client,
for example.

29

00:01:48,158  -->  00:01:51,828
We won't go through all methods
of isolation and compartmentalization,

30

00:01:51,928  -->  00:01:55,232
as there are so many,
but I will run through the best,

31

00:01:55,332  -->  00:01:57,701
and also cover more
general methods

32

00:01:57,701  -->  00:01:59,803
so you can design your own methods of isolation

33

00:01:59,803  -->  00:02:02,038
and compartmentalization
when needed.

34

00:02:02,640  -->  00:02:06,643
You will see that many of the controls
in the course will use the principle

35

00:02:06,877  -->  00:02:08,845
of isolation and compartmentalization.